Web Service Security

I have written a web service for new user enrollment which will be used by our trusted 3rd party services but i found that anybody who come to know the web service url can enroll the user. Can you please let know what do i need to do to make sure that the request coming is coming from a valid party?

I was busy with different priority in project so coming back to this I have another question -

After going through your links and some other stuff I know of following approaches which can be implemented.
I want to know which one is better

1. Configure username/password for each web service operation invocation.
2. Configure username/password to invoke authenticate() operation first which will generate a token and send it back to client.
Client to use this token to call subsequent web services operation.

Option 2 is what is typically used. Authentication is typically for a application(and not operation). If you want to control operation level access then i would guess that this would come under scope of authorization. You can decide what authorization mechanism you use to limit users to specific operations only.